1651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines// RUN: %clang_cc1 -triple i386-apple-darwin10 -analyze -analyzer-checker=core,deadcode,alpha.core -std=gnu99 -analyzer-store=region -analyzer-constraints=range -analyzer-purge=none -verify %s -Wno-error=return-type 2651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines// RUN: %clang_cc1 -triple i386-apple-darwin10 -analyze -analyzer-checker=core,deadcode,alpha.core -std=gnu99 -analyzer-store=region -analyzer-constraints=range -verify %s -Wno-error=return-type 32f54af48219e4b633346249f318c3536fe76cf14Ted Kremenek 4f8add9b5f51540e9e734e6a82c5d54c362be822aTed Kremenektypedef unsigned uintptr_t; 5f8add9b5f51540e9e734e6a82c5d54c362be822aTed Kremenek 6f8add9b5f51540e9e734e6a82c5d54c362be822aTed Kremenekextern void __assert_fail (__const char *__assertion, __const char *__file, 7f8add9b5f51540e9e734e6a82c5d54c362be822aTed Kremenek unsigned int __line, __const char *__function) 8f8add9b5f51540e9e734e6a82c5d54c362be822aTed Kremenek __attribute__ ((__noreturn__)); 9f8add9b5f51540e9e734e6a82c5d54c362be822aTed Kremenek 10f8add9b5f51540e9e734e6a82c5d54c362be822aTed Kremenek#define assert(expr) \ 11f8add9b5f51540e9e734e6a82c5d54c362be822aTed Kremenek ((expr) ? (void)(0) : __assert_fail (#expr, __FILE__, __LINE__, __func__)) 120fe33bc94a822e315585e5cde1964d3c3b9052f9Ted Kremenek 132f54af48219e4b633346249f318c3536fe76cf14Ted Kremenekvoid f1(int *p) { 142f54af48219e4b633346249f318c3536fe76cf14Ted Kremenek if (p) *p = 1; 152f54af48219e4b633346249f318c3536fe76cf14Ted Kremenek else *p = 0; // expected-warning{{ereference}} 162f54af48219e4b633346249f318c3536fe76cf14Ted Kremenek} 17b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek 18b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenekstruct foo_struct { 19b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek int x; 20b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek}; 21b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek 22b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenekint f2(struct foo_struct* p) { 23b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek 24b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek if (p) 25b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek p->x = 1; 26b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek 27646c3c3beaf71fc64453d766dff22024dd5e0409Ted Kremenek return p->x++; // expected-warning{{Access to field 'x' results in a dereference of a null pointer (loaded from variable 'p')}} 28b9ab690786f0edfe32798bbf4338cab23e08bc6eTed Kremenek} 299704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek 309704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenekint f3(char* x) { 319704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek 329704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek int i = 2; 339704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek 349704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek if (x) 359704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek return x[i - 1]; 369704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek 37646c3c3beaf71fc64453d766dff22024dd5e0409Ted Kremenek return x[i+1]; // expected-warning{{Array access (from variable 'x') results in a null pointer dereference}} 389704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek} 399704eacf27608cf3549014dd198b0f1148a4a3a0Ted Kremenek 40e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenekint f3_b(char* x) { 41e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenek 42e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenek int i = 2; 43e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenek 44e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenek if (x) 45e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenek return x[i - 1]; 46e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenek 47646c3c3beaf71fc64453d766dff22024dd5e0409Ted Kremenek return x[i+1]++; // expected-warning{{Array access (from variable 'x') results in a null pointer dereference}} 48e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenek} 49e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6Ted Kremenek 500fe33bc94a822e315585e5cde1964d3c3b9052f9Ted Kremenekint f4(int *p) { 510fe33bc94a822e315585e5cde1964d3c3b9052f9Ted Kremenek 524489fe10fa073eb326e2c8906db170f009050911Daniel Dunbar uintptr_t x = (uintptr_t) p; 530fe33bc94a822e315585e5cde1964d3c3b9052f9Ted Kremenek 540fe33bc94a822e315585e5cde1964d3c3b9052f9Ted Kremenek if (x) 550fe33bc94a822e315585e5cde1964d3c3b9052f9Ted Kremenek return 1; 560fe33bc94a822e315585e5cde1964d3c3b9052f9Ted Kremenek 570fe33bc94a822e315585e5cde1964d3c3b9052f9Ted Kremenek int *q = (int*) x; 58452b84ded735d7e7de6d099953ab959a4c9910f0Ted Kremenek return *q; // expected-warning{{Dereference of null pointer (loaded from variable 'q')}} 59a548846b471f7ca05ec6038c7d9d3b4d0de777ccTed Kremenek} 60a548846b471f7ca05ec6038c7d9d3b4d0de777ccTed Kremenek 616d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Careint f4_b() { 626d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care short array[2]; 636d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care uintptr_t x = array; // expected-warning{{incompatible pointer to integer conversion}} 646d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care short *p = x; // expected-warning{{incompatible integer to pointer conversion}} 656d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care 666d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care // The following branch should be infeasible. 67651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines if (!(p == &array[0])) { 686d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care p = 0; 696d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care *p = 1; // no-warning 706d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care } 716d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care 726d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care if (p) { 736d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care *p = 5; // no-warning 746d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care p = 0; 756d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care } 766d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care else return; // expected-warning {{non-void function 'f4_b' should return a value}} 776d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care 786d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care *p += 10; // expected-warning{{Dereference of null pointer}} 796d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care return 0; 806d0e6ce200aa06b06f0e9b493ed365bbe2982ceeTom Care} 81e1c2a675e0c089e1f53cbd55d2197a8beaa852aeTed Kremenek 82a548846b471f7ca05ec6038c7d9d3b4d0de777ccTed Kremenekint f5() { 83a548846b471f7ca05ec6038c7d9d3b4d0de777ccTed Kremenek 84a548846b471f7ca05ec6038c7d9d3b4d0de777ccTed Kremenek char *s = "hello world"; 85a548846b471f7ca05ec6038c7d9d3b4d0de777ccTed Kremenek return s[0]; // no-warning 86a548846b471f7ca05ec6038c7d9d3b4d0de777ccTed Kremenek} 87a548846b471f7ca05ec6038c7d9d3b4d0de777ccTed Kremenek 887fb43c17eb2b4102f40a80a355629aacd70589adTed Kremenekint bar(int* p, int q) __attribute__((nonnull)); 89584def7364f51e35bfcaf5c3c64673096533addaTed Kremenek 90584def7364f51e35bfcaf5c3c64673096533addaTed Kremenekint f6(int *p) { 917fb43c17eb2b4102f40a80a355629aacd70589adTed Kremenek return !p ? bar(p, 1) // expected-warning {{Null pointer passed as an argument to a 'nonnull' parameter}} 927fb43c17eb2b4102f40a80a355629aacd70589adTed Kremenek : bar(p, 0); // no-warning 937fb43c17eb2b4102f40a80a355629aacd70589adTed Kremenek} 94584def7364f51e35bfcaf5c3c64673096533addaTed Kremenek 95a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenekint bar2(int* p, int q) __attribute__((nonnull(1))); 96a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenek 97a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenekint f6b(int *p) { 98a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenek return !p ? bar2(p, 1) // expected-warning {{Null pointer passed as an argument to a 'nonnull' parameter}} 99a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenek : bar2(p, 0); // no-warning 100a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenek} 101a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenek 1021e10011aa27d322d1290fc04d2372bf8719c645bTed Kremenekint bar3(int*p, int q, int *r) __attribute__((nonnull(1,3))); 103a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenek 1041e10011aa27d322d1290fc04d2372bf8719c645bTed Kremenekint f6c(int *p, int *q) { 105a317e90f4c4aeb871359c3b8c3420f1ddab97d5cTed Kremenek return !p ? bar3(q, 2, p) // expected-warning {{Null pointer passed as an argument to a 'nonnull' parameter}} 106a317e90f4c4aeb871359c3b8c3420f1ddab97d5cTed Kremenek : bar3(p, 2, q); // no-warning 1071e10011aa27d322d1290fc04d2372bf8719c645bTed Kremenek} 108a96ac060debe3b83caa5c4ddba0c44a44b4499feTed Kremenek 109f0549e2b5c73d65ce96fc37c9030577997fe19d4Mike Stumpvoid f6d(int *p) { 110c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0Ted Kremenek bar(p, 0); 111c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0Ted Kremenek // At this point, 'p' cannot be null. 112c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0Ted Kremenek if (!p) { 113c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0Ted Kremenek int *q = 0; 114c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0Ted Kremenek *q = 0xDEADBEEF; // no-warning 115c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0Ted Kremenek } 116c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0Ted Kremenek} 117c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0Ted Kremenek 1189a126850968b0aa25f7c6f214e7309e33f2d800aJordy Rosevoid f6e(int *p, int offset) { 1199a126850968b0aa25f7c6f214e7309e33f2d800aJordy Rose // PR7406 - crash from treating an UnknownVal as defined, to see if it's 0. 1209a126850968b0aa25f7c6f214e7309e33f2d800aJordy Rose bar((p+offset)+1, 0); // not crash 1219a126850968b0aa25f7c6f214e7309e33f2d800aJordy Rose} 1229a126850968b0aa25f7c6f214e7309e33f2d800aJordy Rose 12322bda887aacd0e591978541a799aa43835652ec9Ted Kremenekint* qux(); 12422bda887aacd0e591978541a799aa43835652ec9Ted Kremenek 12522bda887aacd0e591978541a799aa43835652ec9Ted Kremenekint f7(int x) { 12622bda887aacd0e591978541a799aa43835652ec9Ted Kremenek 12722bda887aacd0e591978541a799aa43835652ec9Ted Kremenek int* p = 0; 12822bda887aacd0e591978541a799aa43835652ec9Ted Kremenek 12922bda887aacd0e591978541a799aa43835652ec9Ted Kremenek if (0 == x) 13022bda887aacd0e591978541a799aa43835652ec9Ted Kremenek p = qux(); 13122bda887aacd0e591978541a799aa43835652ec9Ted Kremenek 13222bda887aacd0e591978541a799aa43835652ec9Ted Kremenek if (0 == x) 13322bda887aacd0e591978541a799aa43835652ec9Ted Kremenek *p = 1; // no-warning 13422bda887aacd0e591978541a799aa43835652ec9Ted Kremenek 13522bda887aacd0e591978541a799aa43835652ec9Ted Kremenek return x; 13622bda887aacd0e591978541a799aa43835652ec9Ted Kremenek} 13722bda887aacd0e591978541a799aa43835652ec9Ted Kremenek 138935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenekint* f7b(int *x) { 139935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek 140935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek int* p = 0; 141935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek 142935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek if (((void*)0) == x) 143935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek p = qux(); 144935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek 145935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek if (((void*)0) == x) 146935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek *p = 1; // no-warning 147935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek 148935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek return x; 149935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek} 150935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek 1511308f573d7a9840713879deb3c02b219197cd827Ted Kremenekint* f7c(int *x) { 1521308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 1531308f573d7a9840713879deb3c02b219197cd827Ted Kremenek int* p = 0; 1541308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 1551308f573d7a9840713879deb3c02b219197cd827Ted Kremenek if (((void*)0) == x) 1561308f573d7a9840713879deb3c02b219197cd827Ted Kremenek p = qux(); 1571308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 1581308f573d7a9840713879deb3c02b219197cd827Ted Kremenek if (((void*)0) != x) 1591308f573d7a9840713879deb3c02b219197cd827Ted Kremenek return x; 16065d80fd4acfe65400b7ad594042adc08e972c405Ted Kremenek 16165d80fd4acfe65400b7ad594042adc08e972c405Ted Kremenek // If we reach here then 'p' is not null. 16265d80fd4acfe65400b7ad594042adc08e972c405Ted Kremenek *p = 1; // no-warning 1631308f573d7a9840713879deb3c02b219197cd827Ted Kremenek return x; 1641308f573d7a9840713879deb3c02b219197cd827Ted Kremenek} 1651308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 1661308f573d7a9840713879deb3c02b219197cd827Ted Kremenekint* f7c2(int *x) { 1671308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 1681308f573d7a9840713879deb3c02b219197cd827Ted Kremenek int* p = 0; 1691308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 1701308f573d7a9840713879deb3c02b219197cd827Ted Kremenek if (((void*)0) == x) 1711308f573d7a9840713879deb3c02b219197cd827Ted Kremenek p = qux(); 1721308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 1731308f573d7a9840713879deb3c02b219197cd827Ted Kremenek if (((void*)0) == x) 1741308f573d7a9840713879deb3c02b219197cd827Ted Kremenek return x; 1751308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 1761308f573d7a9840713879deb3c02b219197cd827Ted Kremenek *p = 1; // expected-warning{{null}} 1771308f573d7a9840713879deb3c02b219197cd827Ted Kremenek return x; 1781308f573d7a9840713879deb3c02b219197cd827Ted Kremenek} 1791308f573d7a9840713879deb3c02b219197cd827Ted Kremenek 180935022a9aebb32459fd56ccfb1e1cfb9c0a5176cTed Kremenek 181339d52a8ddcb345275ec48c7bab849a8943fa9f5Mike Stumpvoid f8(int *p, int *q) { 182dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4Ted Kremenek if (!p) 183dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4Ted Kremenek if (p) 184dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4Ted Kremenek *p = 1; // no-warning 185dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4Ted Kremenek 186dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4Ted Kremenek if (q) 187dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4Ted Kremenek if (!q) 188dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4Ted Kremenek *q = 1; // no-warning 189dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4Ted Kremenek} 1908c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenek 1918c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenekint* qux(); 1928c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenek 1930a41e5a03a2753e736dece6fc6847e6de2dedec1Ted Kremenekint f9(unsigned len) { 1948c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenek assert (len != 0); 1958c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenek int *p = 0; 196cafd9089a4745414eedb93d0b543d9d22c6b55aeTed Kremenek unsigned i; 1978c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenek 198cafd9089a4745414eedb93d0b543d9d22c6b55aeTed Kremenek for (i = 0; i < len; ++i) 199e2b00834749b685f8023c3984632d775c1550da3Ted Kremenek p = qux(i); 2008c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenek 2018c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenek return *p++; // no-warning 2028c3e7fbae6f61f87000f1edd59bb2379abf3d7e0Ted Kremenek} 203f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek 2040a41e5a03a2753e736dece6fc6847e6de2dedec1Ted Kremenekint f9b(unsigned len) { 205f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek assert (len > 0); // note use of '>' 206f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek int *p = 0; 207cafd9089a4745414eedb93d0b543d9d22c6b55aeTed Kremenek unsigned i; 208f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek 209cafd9089a4745414eedb93d0b543d9d22c6b55aeTed Kremenek for (i = 0; i < len; ++i) 210f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek p = qux(i); 211f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek 212f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek return *p++; // no-warning 213f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek} 214f6e5ec45950df60555ee96c62b728b485394e34eTed Kremenek 215973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenekint* f10(int* p, signed char x, int y) { 216973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek // This line tests symbolication with compound assignments where the 217973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek // LHS and RHS have different bitwidths. The new symbolic value 218973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek // for 'x' should have a bitwidth of 8. 219973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek x &= y; 220973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek 221973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek // This tests that our symbolication worked, and that we correctly test 222973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek // x against 0 (with the same bitwidth). 223973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek if (!x) { 22401f2a1ea4d2b124d83eca82e01a0a7482c2c3614Anna Zaks if (!p) return 0; 225973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek *p = 10; 226973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek } 227973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek else p = 0; 228973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek 229973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek if (!x) 230973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek *p = 5; // no-warning 231973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek 232973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek return p; 233973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek} 234973e72a8ddbf1645ce8da4d22c60babbdb9b5f79Ted Kremenek 23573abd133aeda75971212176b1b4f7f251976d7cfTed Kremenek// Test case from <rdar://problem/6407949> 23673abd133aeda75971212176b1b4f7f251976d7cfTed Kremenekvoid f11(unsigned i) { 23773abd133aeda75971212176b1b4f7f251976d7cfTed Kremenek int *x = 0; 2388205c1a5c623a418f06789f222183ed5040ff4c9John McCall if (i >= 0) { // expected-warning{{always true}} 23973abd133aeda75971212176b1b4f7f251976d7cfTed Kremenek // always true 24073abd133aeda75971212176b1b4f7f251976d7cfTed Kremenek } else { 24173abd133aeda75971212176b1b4f7f251976d7cfTed Kremenek *x = 42; // no-warning 24273abd133aeda75971212176b1b4f7f251976d7cfTed Kremenek } 24373abd133aeda75971212176b1b4f7f251976d7cfTed Kremenek} 24473abd133aeda75971212176b1b4f7f251976d7cfTed Kremenek 245d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenekvoid f11b(unsigned i) { 246d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenek int *x = 0; 247d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenek if (i <= ~(unsigned)0) { 248d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenek // always true 249d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenek } else { 250d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenek *x = 42; // no-warning 251d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenek } 252d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenek} 253d7ff4874cbb99b5a8a92121af18792204b210dbbTed Kremenek 25472afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek// Test case for switch statements with weird case arms. 25572afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenektypedef int BOOL, *PBOOL, *LPBOOL; 25672afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenektypedef long LONG_PTR, *PLONG_PTR; 25772afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenektypedef unsigned long ULONG_PTR, *PULONG_PTR; 25872afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenektypedef ULONG_PTR DWORD_PTR, *PDWORD_PTR; 25972afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenektypedef LONG_PTR LRESULT; 26072afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenektypedef struct _F12ITEM *HF12ITEM; 26172afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek 26272afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenekvoid f12(HF12ITEM i, char *q) { 26372afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek char *p = 0; 26472afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek switch ((DWORD_PTR) i) { 26572afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek case 0 ... 10: 26672afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek p = q; 26772afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek break; 26872afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek case (DWORD_PTR) ((HF12ITEM) - 65535): 26972afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek return; 27072afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek default: 27172afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek return; 27272afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek } 27372afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek 27472afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek *p = 1; // no-warning 27572afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek} 27672afb3739da0da02158242ae41a50cfe0bea78b4Ted Kremenek 277efcfcc0e27ade4e0bb6626824f2bdc0a01bab32bTed Kremenek// Test handling of translating between integer "pointers" and back. 278efcfcc0e27ade4e0bb6626824f2bdc0a01bab32bTed Kremenekvoid f13() { 279efcfcc0e27ade4e0bb6626824f2bdc0a01bab32bTed Kremenek int *x = 0; 280245adabd97c8c770c13935a9075f2243cc6f1d57Tom Care if (((((int) x) << 2) + 1) >> 1) *x = 1; 281efcfcc0e27ade4e0bb6626824f2bdc0a01bab32bTed Kremenek} 282efcfcc0e27ade4e0bb6626824f2bdc0a01bab32bTed Kremenek 283ac50213ec509063151bc1a9c6b7d71561896cdd5Ted Kremenek// PR 4759 - Attribute non-null checking by the analyzer was not correctly 284ac50213ec509063151bc1a9c6b7d71561896cdd5Ted Kremenek// handling pointer values that were undefined. 285ac50213ec509063151bc1a9c6b7d71561896cdd5Ted Kremenekvoid pr4759_aux(int *p) __attribute__((nonnull)); 286ac50213ec509063151bc1a9c6b7d71561896cdd5Ted Kremenek 287ac50213ec509063151bc1a9c6b7d71561896cdd5Ted Kremenekvoid pr4759() { 288ac50213ec509063151bc1a9c6b7d71561896cdd5Ted Kremenek int *p; 289818b433a943653b329df56bdaa1b18385603d2bdTed Kremenek pr4759_aux(p); // expected-warning{{Function call argument is an uninitialized value}} 290ac50213ec509063151bc1a9c6b7d71561896cdd5Ted Kremenek} 291ac50213ec509063151bc1a9c6b7d71561896cdd5Ted Kremenek 2922cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks// Relax function call arguments invalidation to be aware of const 2932cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks// arguments. Test with function pointers. radar://10595327 2942cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaksvoid ttt(const int *nptr); 2952cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaksvoid ttt2(const int *nptr); 2962cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zakstypedef void (*NoConstType)(int*); 2972cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaksint foo10595327(int b) { 2982cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks void (*fp)(int *); 2992cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks // We use path sensitivity to get the function declaration. Even when the 300651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines // function pointer is cast to non-pointer-to-const parameter type, we can 3012cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks // find the right function declaration. 3022cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks if (b > 5) 3032cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks fp = (NoConstType)ttt2; 3042cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks else 3052cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks fp = (NoConstType)ttt; 3062cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks int x = 3; 3072cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks int y = x + 1; 3082cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks int *p = 0; 3092cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks fp(&y); 3102cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks if (x == y) 3112cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks return *p; // no-warning 3122cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks return 0; 3132cbe791d3e9b26f30196c4852da75d9ad67b4ad9Anna Zaks} 314